<?php
  include_once("session.php");  
  include_once('constants.php'); 
  include_once('db.php');
  include_once('mail.php');

if(!empty($_SESSION['freecap_word_hash']) && !empty($_POST['word']))
{
  $username = $_POST['inviteusername'];  
  $otherName = $_POST['inviteothername'];
  $otherEmail = $_POST['inviteotheremail'];
  
  // all freeCap words are lowercase.
    // font #4 looks uppercase, but trust me, it's not...
    if($_SESSION['hash_func'](strtolower($_POST['word']))==$_SESSION['freecap_word_hash'])
    {
        // reset freeCap session vars
        // cannot stress enough how important it is to do this
        // defeats re-use of known image with spoofed session id
        $_SESSION['freecap_attempts'] = 0;
        $_SESSION['freecap_word_hash'] = false;

        // now process form        
        $error = false;
        $errordesc = "";
        // check data
        if ( empty($username) || strlen($username) < 6 ){
          $error = true;
          $errordesc = "Please enter your name.";
        }
        if ( empty($otherName)){
          $error = true;
          $errordesc = "Please enter your friend name.";
        }
        if ( empty($otherEmail) || strlen($otherEmail) < 4){
          $error = true;
          $errordesc = "Please enter your friend email.";
        } 
        
        if ( !$error){
        	mailInvite($username, $otherName, $otherEmail);
        }   
                                     
    } else {
        $error = true;
        $errordesc = "Word verification failed.";
    }
} else {
    $error = false;
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:vml">
  <head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    <title><?php echo $product_name;?></title>
    <link rel="stylesheet" href="css/main.css" type="text/css">
    
    <script type="text/javascript" src="scripts/md5.js"></script>
    <script type="text/javascript">
      //<![CDATA[
      function inviteSubmit() {
        if (document.forms["inviteform"].inviteusername.value == '') {
          var error = document.getElementById("error");
          error.innerHTML = "Please enter your name.";          
          document.forms["inviteform"].inviteothername.focus();
          return false;
        }
        if (document.forms["inviteform"].inviteothername.value == '') {
          var error = document.getElementById("error");
          error.innerHTML = "Please enter your friend name.";	                 
          document.forms["inviteform"].inviteothername.focus();
          return false;
        }
        if (document.forms["inviteform"].inviteotheremail.value == '') {
          var error = document.getElementById("error");
          error.innerHTML = "Please enter your friend email.";                    
          document.forms["inviteform"].inviteotheremail.focus();
          return false;
        }
        
        return true;
      }
      
      function new_freecap() {
        if (document.getElementById) {
          thesrc = document.getElementById("freecap").src;
          thesrc = thesrc.substring(0,thesrc.lastIndexOf(".")+4);
          // add ?(random) to prevent browser/isp caching
          document.getElementById("freecap").src = thesrc+"?"+Math.round(Math.random()*100000);
        } else {
          alert("Sorry, cannot autoreload word image\nSubmit the form and a new word will be loaded");
        }
      }
      //]]>
    </script>
    
  </head>
  <body>    
    <div id="main">      
    <?php 
      include ("header.php");      
    ?>         
    <div id="content">                     
      <div id="contentcenter">             
        <h1>Invite a friend</h1>
        <br/>        
        <?php
        if ($otherName){
          echo "<p> Your invitation has been send to ".$otherName.". If you wish please invite another friend.";
          echo "</p>";
        }
        ?>                          
        <p class="error" id="error">
        <?php         
            if ($error) {
              echo $errordesc;
            } else {
              echo "<br/>";
            }
        ?>
        </p>  
        <form id="inviteform" class="mform" action="invite.php" onsubmit="return inviteSubmit();" method="post" enctype="multipart/form-data">
        <table>
          <tr>
            <td><label for="inviteusername" accesskey="u">Your Name:</label></td>
            <td class="btext"><input type="text" name="inviteusername" id="inviteusername" size="25" value="<?php echo $sessionUserName; ?>"/></td>
          </tr>
          <tr>
            <td><label for="inviteothername" accesskey="o">Friend Name:</label></td>
            <td class="btext"><input type="text" name="inviteothername" id="inviteothername" size="25" value=""/></td>
          </tr>
          <tr>
            <td><label for="inviteotheremail" accesskey="e">Friend Email:</label></td>
            <td class="btext"><input type="text" name="inviteotheremail" id="inviteotheremail" size="25" value=""/></td>
          </tr>                    
          <tr>
            <td>Type the word bellow:</>
            <td><label for="word" accesskey="w"></label><input type="text" name="word" id="word" size="25"/></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td><img src="./lib/freecap/freecap.php" id="freecap" alt="Are you a bot?"/></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td class="text"><sub>If you can't read the word, <a href="#" onclick="this.blur();new_freecap();return false;">click here</a></sub></td>
          </tr>
          <tr><td colspan="2"><hr/></td></tr>
          <tr><td></td><td class="btn" colspan="2"><input type="submit" id="invite" name="signup" value="Invite"/></td></tr>                    
        </table>
        </form>
      </div>                                      
    </div> <!-- content center-->
    <br/>
    <div>    
    </div><!-- content -->
      <?php 
        include ("footer.php");      
      ?>
    </div><!-- main -->
    <?php         
        include ("ga.php");
    ?>
  </body>
</html>
